
18 matches found

RedhatCVE
added 2026/04/13 7:24 p.m. · 2 views

CVE-2026-4379

The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the group attribute in the gallery shortcode in all versions up to, and including, 2.3.4. This is due to the plugin modifying gallery shortcode output to include the group attribute value without proper...

6.4 CVSS · 5.9 AI score · 0.00264 EPSS
Exploits 0 · References 1
EUVD
added 2026/04/08 6:31 a.m. · 3 views

EUVD-2026-20034

The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the group attribute in the gallery shortcode in all versions up to, and including, 2.3.4. This is due to the plugin modifying gallery shortcode output to include the group attribute value without proper...

6.4 CVSS · 6.1 AI score · 0.00264 EPSS
Exploits 0 · References 5
NVD
added 2026/04/08 4:17 a.m. · 1 views

CVE-2026-4379

The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the group attribute in the gallery shortcode in all versions up to, and including, 2.3.4. This is due to the plugin modifying gallery shortcode output to include the group attribute value without proper...

6.4 CVSS · 0.00264 EPSS
Exploits 0 · References 4
CVE
added 2026/04/08 2:25 a.m. · 5 views

CVE-2026-4379

The CVE-2026-4379 entry describes a Stored Cross-Site Scripting vulnerability in the LightPress Lightbox WordPress plugin, affecting all versions up to 2.3.4. The issue arises from how the plugin appends the group attribute to the [gallery] shortcode output without proper escaping, enabling authe...

6.4 CVSS · 6.1 AI score · 0.00264 EPSS
Exploits 0 · References 4
Vulnrichment
added 2026/04/08 2:25 a.m. · 0 views

CVE-2026-4379 LightPress Lightbox <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'group' Shortcode Attribute

The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the group attribute in the gallery shortcode in all versions up to, and including, 2.3.4. This is due to the plugin modifying gallery shortcode output to include the group attribute value without proper...

6.4 CVSS · 5.9 AI score · 0.00264 EPSS
Exploits 0 · References 4
Cvelist
added 2026/04/08 2:25 a.m. · 17 views

CVE-2026-4379 LightPress Lightbox <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'group' Shortcode Attribute

The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the group attribute in the gallery shortcode in all versions up to, and including, 2.3.4. This is due to the plugin modifying gallery shortcode output to include the group attribute value without proper...

6.4 CVSS · 0.00264 EPSS
Exploits 0 · References 4
Positive Technologies
added 2026/04/08 12:0 a.m. · 3 views

PT-2026-31073

The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the group attribute in the gallery shortcode in all versions up to, and including, 2.3.4. This is due to the plugin modifying gallery shortcode output to include the group attribute value without proper...

6.4 CVSS · 6.1 AI score · 0.00264 EPSS
Exploits 0 · References 5
CNNVD
added 2026/04/08 12:0 a.m. · 5 views

WordPress plugin LightPress Lightbox cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4 CVSS · 5.7 AI score · 0.00264 EPSS
Exploits 0 · References 5
Patchstack
added 2026/04/07 10:55 p.m. · 5 views

WordPress LightPress Lightbox plugin <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'group' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'group' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP jQuery Lightbox versions <= 2.3.4...

6.4 CVSS · 5.9 AI score · 0.00264 EPSS
Exploits 0 · References 1 · Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2025-14272

Malicious code in bioql PyPI...

6.8 CVSS · 7.2 AI score · 0.00372 EPSS
Exploits 1 · References 2
RedhatCVE
added 2025/05/14 6:12 a.m. · 12 views

CVE-2025-3649

The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks...

6.8 CVSS · 5.8 AI score · 0.00372 EPSS
Exploits 1 · References 1
OSV
added 2025/05/12 6:15 a.m. · 4 views

CVE-2025-3649

The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks...

6.8 CVSS · 5.8 AI score · 0.00372 EPSS
Exploits 1 · References 1
NVD
added 2025/05/12 6:15 a.m. · 26 views

CVE-2025-3649

The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks...

6.8 CVSS · 0.00372 EPSS
Exploits 1 · References 1
Cvelist
added 2025/05/12 6:0 a.m. · 27 views

CVE-2025-3649 LightPress Lightbox < 2.3.4 - Contributor+ Stored XSS

The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks...

0.00372 EPSS
Exploits 1 · References 1
Vulnrichment
added 2025/05/12 6:0 a.m. · 12 views

CVE-2025-3649 LightPress Lightbox < 2.3.4 - Contributor+ Stored XSS

The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks...

5.6 AI score · 0.00372 EPSS
Exploits 1 · References 1
CVE
added 2025/05/12 6:0 a.m. · 61 views

CVE-2025-3649

The CVE-2025-3649 issue affects the LightPress Lightbox WordPress plugin (versions prior to 2.3.4). It arises because download links are not validated to ensure they point to non-Javascript URLs, enabling Stored XSS by users with at least the contributor role. Impact indicators from the sources l...

6.8 CVSS · 5.8 AI score · 0.00372 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2025/05/12 12:0 a.m. · 6 views

PT-2025-20682 · WordPress · Lightpress Lightbox

Name of the Vulnerable Software and Affected Versions: LightPress Lightbox plugin for WordPress versions prior to 2.3.4 Description: The issue allows users with at least the contributor role to conduct Stored XSS attacks due to the plugin not checking if download links point to valid,...

6.8 CVSS · 7 AI score · 0.00372 EPSS
Exploits 1 · References 7
CNNVD
added 2025/05/12 12:0 a.m. · 3 views

WordPress plugin LightPress Lightbox security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

6.8 CVSS · 6.8 AI score · 0.00372 EPSS
Exploits 1 · References 1